<?php
   // Classe définissant les méthodes de contrôle d'accès aux fonctionnalités de services
   // Auteur: Sebastian Mosser
   
   
class AccessControlList {

   private $_granted;
   private $_everybody;
   
   public static $EVERYBODY_ALLOWED = -666;
   
   public static $DENY_ALL  = 6;
   
   public static $JUST_ME   = 66;
   const ALL       = 666;
   
   public function __construct() {
      $this->_granted = array();
      $this->_everybody = false;
   }
   
   public function setGranted($groupId, $selector = self::ALL) {
      if ($groupId == self::$EVERYBODY_ALLOWED)
         $this->_everybody = True;
      else
         $this->_granted[$groupId] = $selector;
   }
   
   public function getGranted() { return $this->_granted; }
   
   public function isAvailable($userGroups) {
      if ($this->_everybody)
         return True;
      $tmp = $this->availableGroups($userGroups);
      return count($tmp) != 0;
   
   }
   
   private function availableGroups($userGroups) {
      //return array_intersect_key($userGroups,$this->_granted);
      if ($this->_everybody)
         return self::$EVERYBODY_ALLOWED;
      $result = array();
      foreach ($this->_granted as $k => $v) {
         if (array_key_exists($k,$userGroups))
            $result[$k] = $v;
      }
      return $result;
   }
   
   public function isExposable($userGroups) {
      if ($this->_everybody)
         return self::$EVERYBODY_ALLOWED;
      $available = $this->availableGroups($userGroups);
      if (count($available) != 0) { // On a des groupes disponibles
         // On cherche la permission la plus large a appliquer
         return array_reduce($available,"max");
      }
      // Pas de groupes disponibles
      //return False;
      throw new SecurityException("Accès refusé !");
   }

}

?>